---
title: Log Drain Blacklist Configuration
owner: Logging and Metrics
---

<strong><%= modified_date %></strong>

This topic describes how to edit your manifest stub to prevent Cloud Foundry developers from binding log drains to certain components in your deployment.

## <a id='overview'></a>Overview

Developers can drain logs for their application instances and for requests made to their application instances through internal components of Cloud Foundry to a third-party log management service. For more information, see the [Streaming Application Logs to Log Management Services](../../devguide/services/log-management.html) topic.

To drain logs, developers use the Doppler component of the Loggregator system, which aggregates and streams logs and metrics from all user applications and system components in a Cloud Foundry deployment. For more information about the Doppler component and the Loggregator system, see the [Overview of the Loggregator System](../../loggregator/architecture.html) topic.

## <a id='blacklist'></a>Blacklist IP Addresses from Log Draining

Operators can blacklist IP addresses to prevent developers from draining logs from certain components. Operators may want to take this step because if the  developer attempts to bind a drain to an internal Cloud Foundry component, performance of the deployment can suffer.

To blacklist an IP address range, add the `doppler.blacklisted_syslog_ranges`
property to your existing manifest stub, or create an additional stub. Specify starting and ending IP addresses for each IP address range.

See the example stub below for reference:

```
---
properties:
  doppler:
    blacklisted_syslog_ranges:
    - start: 10.10.16.0
      end: 10.10.31.255
    - start: 10.10.80.0
      end: 10.10.95.255
```